Ukrainian Websites Attacked As New Malware Said To Spread

(February 23, 2022, 9:36 PM EST) -- Ukrainian government websites were hit Wednesday with what a local official called a distributed denial-of-service attack, while cybersecurity companies reported detecting a more dangerous form of malware on computer networks within the country.

Websites for Ukraine's Ministry of Foreign Affairs, Cabinet of Ministers and its parliament all saw service disruptions after an attack that began at around 4 p.m. local time Tuesday, said Mykhailo Fedorov, Ukraine's minister of digital transformation, on an account on the social media platform Telegram.

The sites were believed to have been hit with a "mass DDoS attack," Fedorov said, referring to a type of cyberattack in which servers are overwhelmed with illegitimate traffic. The websites of numerous Ukrainian banks were also affected by the attack, Fedorov added, without specifying which banks were hit.

The attacks marked the second time within a month that Ukrainian government websites were affected by cyberattacks, and came as Russia positioned troops at the Ukrainian border, with officials in the U.S. and Europe warning of a Russian invasion into the country. U.S. cybersecurity officials have blamed cyberattacks that briefly pushed dozens of Ukrainian websites offline earlier this month on Russian intelligence agents.

It was not immediately clear Wednesday whether the distributed denial-of-service attacks, viewed as a relatively mild form of malicious cyber activity, were cover for a more damaging form of intrusion. But late Wednesday, private cybersecurity companies Symantec Corp. and ESET reported detecting a new type of data-wiping malware on computer networks in Ukraine. 

The malware, which is designed to destroy data, has also been spotted in Latvia and Lithuania and has affected government contractors and the financial industry, Symantec said in a news release.

ESET's researchers have observed the malware on "hundreds of machines" in Ukraine, the company wrote on Twitter. But the full scale of the malware activity remained unclear late Wednesday.

The source of the malware was also unclear. But Russian actors have a long history of launching cyberattacks in Ukraine, including in a June 2017 cyberattack that paralyzed part of Ukraine's banking and electricity sectors, before spreading to organizations across the globe, including DLA Piper, whose network was shut down for days.

U.S. cybersecurity officials also warned critical infrastructure operators in January to watch out for potential cyberattacks from Russian state-sponsored hackers.

"Russia has a history of trying out new cyber tools against Ukraine, sometimes with devastating global effect," said John Dermody, counsel in the Washington, D.C., office of international law firm O'Melveny & Myers LLP, in an email.

Dermody, a former deputy legal adviser for the National Security Council and a former attorney at the U.S. Department of Homeland Security, added that organizations in the private sector should also be on the lookout for malicious cyber activity coming out of Russia.

"Past incidents demonstrate that Russia, whether by itself or acting through proxies, may target the private sector to exert pressure in the middle of an international standoff," Dermody said.

--Editing by Jay Jackson Jr.
